Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: c83aa88d9644594eb1553e8343fc3c5b --

Hashes
MD5: c83aa88d9644594eb1553e8343fc3c5b
SHA1: f3496fdd058c2623e8af46390f97d571ea7ea3ec
SHA256: 207f3d875a3ea8c82985fee48f46b506c58a3c4c3de243ccbf6f36937c74ba5b
SSDEEP: 384:LsTStxKboNB1Cz2EstKJ1Qs8NfJKvHmBksCGHZvDR+xgPD0LA3ZHurQRIfeFrrgC:gTKCzfd8fkXG5vggPiAdghoEZa0VtQ
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg |
Parent Files
6f0c96f90c291731e428d50af0ebcb61
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
YYuTVWh
YYu-9D$
j(j ^V
>=Yt/j
< tK<	tG
t#SSUP
t$$VSS
_^][YY
t^9(uZ
tD9(u@
0A@@Ju
0SSSSS
URPQQh
0SSSSS
0SSSSS
PPPPPPPP
PPPPPPPP
;t$,v-
UQPXY]Y[
t+WWVPV
v	N+D$
CorExitProcess
mscoree.dll
EncodePointer
KERNEL32.DLL
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
InitializeCriticalSectionAndSpinCount
kernel32.dll
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
KERNEL32.dll
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
0.0D0T0z0
0"1:1F1L1
3#3,333R3
424=4B4T4^4e4
5%5*5H5
6$6+6O6U6`6l6
7"7,727?7N7U7b7
858M8q8
:#:):0:6:=:C:K:R:W:_:h:t:y:~:
;$;A;G;c;
; <)<5<h<q<}<
> ?>?`?n?}?
5)5/555R5_5
6?7#8+8D8^8
9%9I9Q9i9
9>:C:k:
;8;?;I;s;
>(>I>Y>d>
1%1l1q1
1B2K2Q2
3E3K3T3[3f3r3
9S9`9j9x9
9B:J:T:m:w:
=$=;=T=p=y=
>+>2>8>@>F>R>W>
1 1+11171<1E1b1h1s1x1
2+676j6
?(?/?7?<?@?D?m?
0$0(0,000
1M1T1X1\1`1d1h1l1p1
292E2Q3
3!42494H4M4Z4|4
5O6V6\6
< <'<1<9<F<M<}<
=7>F>V>b>l>t>
3!3(3,3034383<3@3D3
4,43484<4@4a4
4*5054585<5
7%7+72797@7G7N7U7\7d7l7t7
9 9Z;w;
3,303P3p3
404P4p4
1$1,141<1D1L1T1\1d1l1t1
4 4$4(4,404
5 5$5P9d:h:p:t:x:|:
;(;0;4;8;<;@;D;H;L;P;T;`; <$<